CVE-2022-3752

CVSS V2: None
CVSS V3: None
Description
An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation.
Overview
  • CVE ID: CVE-2022-3752
  • Assigner: PSIRT@rockwellautomation.com
  • Vulnerability Status: Analyzed
  • Published Version: 2022-12-19T23:15:10
  • Last Modified Date: 2022-12-27T18:59:02
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:* 1 OR 32.011
cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:rockwellautomation:compactlogix_5580_firmware:*:*:*:*:*:*:*:* 1 OR 31.011
cpe:2.3:h:rockwellautomation:compactlogix_5580:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:* 1 OR 32.011
cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:* 1 OR 31.011
cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:* 1 OR 31.011
cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:* 0 OR
History
Created Old Value New Value Data Type Notes
2022-12-20 01:15:06 Added to TrackCVE
2022-12-20 03:15:27 2022-12-19T23:15:10.660 2022-12-19T23:15:10 CVE Published Date updated
2022-12-20 03:15:28 2022-12-20T02:47:33 CVE Modified Date updated
2022-12-20 03:15:28 Received Awaiting Analysis Vulnerability Status updated
2022-12-21 07:03:14 2022-12-20T15:15:11 CVE Modified Date updated
2022-12-21 07:03:16 Weakness Enumeration new
2022-12-21 07:03:18 Description updated
  Old Value: An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic load to cause a denial-of-service condition resulting in a denial-of-service condition. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation.
  New Value: An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation.
2022-12-22 12:20:02 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2022-12-27 19:14:50 2022-12-27T18:59:02 CVE Modified Date updated
2022-12-27 19:14:50 Undergoing Analysis Analyzed Vulnerability Status updated
2022-12-27 19:14:52 Weakness Enumeration update
2022-12-27 19:14:54 CPE Information updated